I noticed that Storage API v1.2 defines functions for access control, although currently they always end up returning true. Is this because the access control is not implemented yet and these are mainly placeholders, or is it something that is already doable and I just need to configure permissions? (Couldn't find how.)

Ideally, I want to be able to restrict files depending on the role of the user.

I think this is already fixed, at least in 1.5. The Storage class's access() method will invoke hook_storage_access to perform the access check; storage_core_bridge implements the hook_storage_access check by loading the node containing the file and running node_access('view') on it.